New CNAPulse Dashboard Tracks CNA Activity and Disclosure Trends

CNAPulse.org, an open-source dashboard developed by security researcher Jerry Gamblin, monitors the publishing activity of CVE Numbering Authorities (CNAs) to identify variations in disclosure rates, offering a near-real-time assessment of the CVE ecosystem. The platform, which updates every three hours, categorizes CNAs into Growth, Normal, Declining, and Inactive statuses based on a 30-day publishing window compared to a 12-month baseline. Gamblin created the tool after recognizing the challenges of manually analyzing CNA activity when a major CNA, Patchstack, experienced a publishing slowdown due to an internal migration. With input from security data researcher Jay Jacobs, the dashboard was refined to enhance readability and accessibility, including a revamped color scheme and detailed CNA activity pages. CNAPulse provides transparency and stability to the CVE ecosystem, especially significant amidst uncertainties surrounding the future of the CVE program and potential governance changes. The initiative is part of Gamblin's broader effort to ensure visibility into the volume and quality of vulnerability disclosures, complementing his previous CNA Scorecard project.